| === jamesh_ is now known as jamesh | ||
| === not_phunyguy is now known as phunyguy | ||
| === not_phunyguy is now known as phunyguy | ||
| mborzecki | morning | 05:22 |
|---|---|---|
| mborzecki | mardy: hey' | 06:02 |
| mardy | mborzecki: hi! | 06:04 |
| mardy | mborzecki: I'm struggling with writing a unit test. I don't understand how to do mocking in Go... and on the interwebs I can't find anything useful | 06:06 |
| mardy | I found this: https://stackoverflow.com/questions/36688872/golang-test-mock-functions-best-practices, but still doesn't answer the main question (if you search for "mardy" in the page you'll find the question I just added) | 06:06 |
| mardy | they all explain how to mock a function or an interface, but not how to mock a package | 06:07 |
| mborzecki | mardy: quich chat maybe? | 06:11 |
| mborzecki | and you can share your screen then | 06:11 |
| mardy | oh, thanks, sure | 06:14 |
| mardy | mborzecki: sent you an invite | 06:16 |
| mborzecki | mvo: hey | 06:30 |
| mvo | good morning mborzecki | 06:32 |
| zyga-mbp | good morning | 06:46 |
| zyga-mbp | mvo: hey :-) | 06:46 |
| zyga-mbp | how are you doing? | 06:46 |
| mvo | good morning zyga-mbp ! I'm good, thank you | 06:46 |
| zyga-mbp | mvo: I'm working on something that could be useful for you when completed: a way to run spread tasks against a lava installation | 06:48 |
| zyga-mbp | mvo: lava supports quite a lot of devices for automation, so it might be an alternative to test flinger | 06:48 |
| zyga-mbp | mvo: we should have it working in a week or two | 06:49 |
| mvo | zyga-mbp: nice! do we use that in our cert lab too? | 06:49 |
| zyga-mbp | mvo: I don't know, even if it's really apt-get install away to get working, there's some initial config (admin user, register devices) but it could be something to consider especially if the target board is supported already | 06:50 |
| zyga-mbp | mvo: and plars has long linaro history so it's not entirely foreign | 06:50 |
| zyga-mbp | mvo: anyway, for us it's a way to have one infra layer for linux and zephyr | 06:51 |
| mvo | zyga-mbp: cool, I guess I shall talk to plars (?) | 06:51 |
| zyga-mbp | mvo: while being able to use spread locally during development and in CI | 06:51 |
| mvo | zyga-mbp: neato | 06:51 |
| zyga-mbp | mvo: for linux at least, zephyr is a big unknown for now :) | 06:51 |
| zyga-mbp | mvo: cool, I'll let you guys know when it's working | 06:51 |
| zyga-mbp | mvo: if you want to see any of the patches and have a chance to review we can do that too, but I don't know if you have the time to invest in that activity | 06:52 |
| zyga-mbp | mvo: we literally just have the first two patches up for review | 06:52 |
| mborzecki | zyga-mbp: prs to spread upstream? | 06:53 |
| zyga-mbp | mborzecki: sure but I'm still waiting on the small PR to unbreak tests | 06:54 |
| zyga-mbp | I have patches that fix go 1.6 support, make go vet happy | 06:54 |
| zyga-mbp | I can all post those but really, someone has to review | 06:54 |
| mvo | zyga-mbp: I organized a review meeting for monday, I hope to land some of the pending spread PRs then | 06:54 |
| zyga-mbp | mvo: oh that's cool | 06:54 |
| zyga-mbp | mvo: next monday? | 06:54 |
| zyga-mbp | I can post more then | 06:54 |
| mvo | zyga-mbp: let's see how this goes | 06:54 |
| zyga-mbp | cool, thank you for organizing that! | 06:54 |
| zyga-mbp | I will post everything I have that's relevant | 06:55 |
| mvo | zyga-mbp: my pleasure | 06:55 |
| zyga-mbp | woot, that's great | 06:55 |
| pstolowski | morning | 07:05 |
| mvo | good morning pstolowski | 07:13 |
| zyga-mbp | good morning pedronis :) | 07:15 |
| cachio_ | mborzecki, hi, tumbleweed is failing to build https://github.com/snapcore/snapd/pull/10367/checks?check_run_id=2794258646#step:5:3568 | 14:37 |
| cachio_ | any idea about how to fix it? | 14:37 |
| mborzecki | cachio_: hm looks weird, the builds on OBS are green, although the last rebuild was 3 days ago | 14:59 |
| === sil2100_ is now known as sil2100 | ||
| mborzecki | pedronis: opened https://github.com/snapcore/snapd/pull/10377 which should be fairly easy to land | 15:08 |
| pedronis | mborzecki: thx | 15:10 |
| * cachio_ lunch | 16:02 | |
| pedronis | ijohnson[m]: https://github.com/snapcore/snapd/pull/10266 is ready for re-reviews I think | 16:07 |
| ijohnson[m] | pedronis: ack will add it back to my queue | 16:08 |
| pedronis | thx | 16:12 |
| mvo | could someone do a quick double check at 10378, I need a +1 for merging | 16:18 |
| ijohnson[m] | mvo: looking now | 16:18 |
| mvo | ta | 16:18 |
| ijohnson[m] | mvo: approved | 16:20 |
| dob1 | hi, hy a snap application cannot enter a directory mounted via autofs ? it gives me permission problem with all snap applications while I have no problem to access that dir with my user via terminal/other application | 16:31 |
| dob1 | I get this error Error creating IO channel for /proc/self/mountinfo: Permission denied (g-file-error-quark, 2) | 16:31 |
| dob1 | ah because snap apps can only access home dir? | 16:35 |
| dob1 | https://askubuntu.com/a/1033617 why this limitation? it makes no sense.... | 16:36 |
| ijohnson[m] | dob1: snaps need to be given permission to access files through interfaces, the mount-observe interface would give access to /proc/self/mountinfo IIRC | 16:36 |
| dob1 | ijohnson[m], and how? | 16:37 |
| ijohnson[m] | dob1: are you building your own snap or are you using someone else's snap ? | 16:38 |
| dob1 | someone else | 16:38 |
| ijohnson[m] | dob1: you can check if the snap has the mount-observe interface plug defined with `snap connections <name-of-snap>`, if it shows up then all you need to do is `snap connect <snap-name>:mount-observer` | 16:38 |
| ijohnson[m] | s/mount-observer/mount-observe | 16:39 |
| dob1 | ijohnson[m], it's not | 16:40 |
| dob1 | let me say, not to critic the work of someone else, but it's so complicated ... why ? in 2021 I just want to access a file other that my home dir.... | 16:40 |
| ijohnson[m] | dob1: then you need to ask the publisher to add that connection to their snap, you should be able to contact them if you look at `snap info <snap-name> | grep contact` | 16:42 |
| dob1 | ijohnson[m], why there is a such limitation by default? | 16:53 |
| ogra | dob1, because everyone can upload and create snaps in the store the apps run in a confined space | 16:55 |
| ogra | dob1, the interfaces allow you as a user to decide if you trust the app enough to give it permissions to access info, hardware or places of your system | 16:56 |
| ogra | (imagine IOS or android apps) | 16:57 |
| dob1 | well it's not the same | 16:57 |
| ogra | sadly the author of your app did not add the interface plug you need here | 16:58 |
| dob1 | ios and android apps (more ios ones) are checked by apple and google before user can use them from app/play store | 16:58 |
| ogra | the same happens with snap apps | 16:58 |
| ogra | they run through a ton of automatic checks on upload | 16:58 |
| dob1 | that's fine then | 16:58 |
| ogra | the difference is that n IOS or android you get a popup asking you for the permissions when the app tries to access i.e. your GPS | 16:59 |
| ogra | snaps do not have that integration yet | 16:59 |
| ogra | so you need to come here and ask 🙂 | 16:59 |
| ogra | and then ask the snap developer to add the missing plug | 17:00 |
| RzR | the other option would be to let user define forbiden interfaces and let the application deal with this | 17:00 |
| dob1 | this application is a mp3 player, it makes sense that I want to load my mp3s from another location than my home.... | 17:00 |
| ogra | eventualy snaps will also ask about the permissions interactively .... | 17:00 |
| RzR | or let user define granted paths for app (ie: ~/Music by default) | 17:01 |
| ogra | well, most player apps tat need this have the removable-media plug ... if yu connect it it will give you access to /mnt and /media where i.e. usb disks get automounted | 17:01 |
| ogra | does "snap connections <the app you have>" list removable-media ? | 17:02 |
| dob1 | ogra, it lists this one | 17:02 |
| ogra | try mounting your disk in media or mnt ... and use snap connect to connect the interface | 17:03 |
| ogra | that should get you going | 17:03 |
| ogra | RzR, ~/Music is included in the home interface | 17:03 |
| dob1 | ogra, I installed another app in the meanwhile, no problem. I was just considering how this system works. I am used to just apt | 17:03 |
| ogra | yeah 🙂 | 17:04 |
| ogra | snaps are closer to mobile or tablet apps than to apr/rpm | 17:04 |
| ogra | *apt | 17:04 |
| RzR | ogra, but maybe user want to not expose ~/Documents | 17:04 |
| ogra | also incuded in home | 17:04 |
| ogra | oh that ... | 17:05 |
| ogra | yeah ... we dont have such fine grained management yet | 17:05 |
| dob1 | ogra, the idea of permissions make sense, it's not as you said user friendly but as RzR said it would be nice that the user can add any permission he wants | 17:05 |
| ogra | well, snaps do support xdg portals ... with that you can access anything on the filesystem the user has read access to | 17:06 |
| ogra | but it requires the app developer to implemet it | 17:06 |
| * cachio_ afk | 17:06 | |
| ogra | not all apps have that | 17:06 |
| dob1 | can I read more about the checks on the apps? | 17:08 |
| dob1 | do you have some link? | 17:08 |
| ogra | https://code.launchpad.net/review-tools should have some of it | 17:08 |
| ogra | they are also packaged as a snap 😉 | 17:09 |
| ogra | so you can "snap install review-tools" and run them at home | 17:09 |
| dob1 | to be honest this is the part that worried me most | 17:09 |
| ogra | to check a snap before uploading | 17:09 |
| ogra | there is also a CVE checker builtin to check for known security vulnerabilities ... in case you want to check other peoples snaps yu have installed | 17:10 |
| dob1 | ogra, where is is? | 17:10 |
| ogra | i just gave you the link above 🙂 | 17:10 |
| ogra | (or the command to install the binary) | 17:11 |
| dob1 | I take a look, thanks | 17:11 |
| RzR | I think there is at least 2 roles regardings such policies | 17:12 |
| RzR | what developer wants | 17:12 |
| RzR | and what user is ready to give | 17:12 |
| ogra | well, my mom doesnt care ... | 17:12 |
| RzR | i care of my mom :) | 17:13 |
| ogra | she just wants to use the SW ... and wants to be safe .... i.e. not have her gmail passwords stolen by an mp3 player app | 17:13 |
| RzR | an other option would be to have pre-defined settings approved by some trusty org like EFF | 17:14 |
| ogra | and TBH the majority of ubuntu users is on a technical level of my mom | 17:14 |
| ogra | uh, what has the EFF to do with packaging software ? | 17:14 |
| RzR | maybe not EFF itself | 17:15 |
| RzR | but they can approve that some policies are trustworthy or not | 17:16 |
| RzR | this mean policies should be in other channels | 17:16 |
| ogra | so can the ubuntu security team | 17:16 |
| RzR | like adblockers's black/white lists for the web | 17:16 |
| RzR | sorry if i am unclear | 17:16 |
| RzR | but I would be eager to apply to my systems some rules that will restrict the applications I use | 17:17 |
| ogra | you need to be deeply into the implementation to understand implications of what an interface does or doesnt allow | 17:17 |
| RzR | instead of writing then myself | 17:17 |
| ogra | i dont think comparing it to URL list of adblockers is a good analogy | 17:17 |
| RzR | your MP3 player is a good example | 17:17 |
| RzR | what is reasonable and what is not | 17:18 |
| ogra | well, the philosophy of snap security is "less is more" ... meanings to be as locked down as pssible .... and then open peice by piece | 17:18 |
| RzR | but it's clear for me that it can't be done only by one entity | 17:18 |
| RzR | good philosophy | 17:19 |
| RzR | well there are several problem here | 17:19 |
| ogra | so as requirements come in, interfaces are added and extended | 17:19 |
| ogra | but effectively the decision should lie at the user | 17:19 |
| RzR | but I wish a system that can be hardened user's side | 17:19 |
| ogra | it can | 17:20 |
| RzR | good | 17:20 |
| ogra | you can always disconnect interfaces | 17:20 |
| RzR | this is valuable feature | 17:20 |
| pedronis | ijohnson[m]: I reviewed https://github.com/snapcore/snapd/pull/10347 | 17:55 |
| === not_phunyguy is now known as phunyguy | ||
| === jdstrand_ is now known as jdstrand | ||
| mwhudson | does anyone have any idea why my snap build is failing with | 23:47 |
| mwhudson | /root/parts/subiquity/install/usr/bin/python3: No module named pip | 23:48 |
| mwhudson | and after snapcraft clean, multipass is complaining about the "snacraft remote" not working? | 23:55 |
| mwhudson | oh ssl errors in the logs grunk | 23:59 |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!